Understanding Nessus Reports

Part III of Securityfocus' review of Nessus - the free, open source vulnerability scanner, is complete. Article one was an introduction to Nessus, article two dealt with the best way to conduct a vulnerability scan, and article three deals with understanding the reports.

Very nicely covered.

Heres the link

www.securityfocus.com/infocus/1759

Oh, come on!!!

You only like it because it runs on Unix. :lol:

Really, though - it looks pretty good. I might try it as my first program on my long ago seen Linux machine, sitting in the corner.

Actually the nicest bit about it is the client-server architecture.. you just leave the scanning engine running on a *nix box, and you can request scans from the windows client. Its absolutely one of the shining stars of the open-source community.. most people prefer it to its commercial equivalents, and it comes across as a very well finished product. Plus the ease with which you can update its plugins (or write your own) is amazing..

No wonder 1854 people voted it the top network security tool of 2003 over here:
www.insecure.org/tools.html

If you look at the rest of that (incredible) list, you'll see it keeps some pretty distinguished company.

Nessus is one of the greatest products out there, along with MRTG. The reason why it is great.... We all contribute to builting it, it is total open and not tied down to a vendor, like some of the commerical products out there.

As Sahrih said, the beauty about it is its Client / Server ability. I have a Nessus server sitting there and no matter where I am I can connect to it and run tests, so I can demonstrate IDS and watch the audience faces as they can see "normal" Internet activity. They soon buy my services

Just my pennies worth....

Hehe nice signature ..
And while on the topic of great open source security software.. lets not forget our little friends Nmap ( www.insecure.org/nmap ) and Snort ( www.snort.org )